Lucene search
K

7 matches found

NVD
NVD
added yesterday6 views

CVE-2026-54891

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-54891

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS5.8AI score
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.6 views

CVE-2025-62603

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also on going security-control traffic after the handshake, such as...

7.5CVSS5.5AI score0.00501EPSS
Exploits0References1
Imperva Blog
Imperva Blog
added 2025/08/18 5:23 p.m.13 views

QUIC-LEAK (CVE-2025-54939): New High-Risk Pre-Handshake Remote Denial of Service in LSQUIC QUIC Implementation

Imperva Offensive team discovered that threat actors could smuggle malformed packets to exhaust memory and crash QUIC servers even before a connection handshake is established, therefore, bypassing QUIC connection-level safeguards. Executive Summary QUIC-LEAK CVE-2025-54939 is a newly discovered...

7.5CVSS8AI score0.00766EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.2 views

SUSE CVE-2021-22947

When curl = 7.20.0 and = 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instea...

5.9CVSS6.3AI score0.02799EPSS
Exploits1References94
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.3 views

SUSE CVE-2021-29969

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...

7.5CVSS9.1AI score0.012EPSS
Exploits0References6
OSV
OSV
added 2018/02/07 5:29 a.m.1 views

UBUNTU-CVE-2018-6794

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web...

5.3CVSS6.4AI score0.29534EPSS
Exploits4References4
Rows per page
Query Builder